Almost a year after getting infected with ransomware, the City of Cartersville in the U.S. State of Georgia this week admitted to paying ransomware operators $380,000 to unlock its systems.
Cartersville reportedly got infected in early May last year when it saw “3 terabytes worth of data” vanish from city computers and servers. The city recovered within a week, but only after paying its cyber-aggressors to the tune of $380,000 in non-tradable Bitcoins, “with an additional $7,755.65 paid for transaction fees and negotiators,” according to the documents obtained by The Daily Tribune News.
The incident was made public this week after the news outlet filed an Open Records Request. Records obtained in the wake of such a request are documents that are supposed to be made available to members of the public on request. Each of the fifty states has its own set of laws governing which documents are considered public.
The payout is reportedly much lower than the amount demanded by the attackers. According to Assistant City Attorney Keith Lovell, the sum sought by the hackers was initially $2.8 million. The cybercrooks reportedly attacked Cartersville with Ryuk, a ransomware strain notoriously used in attacks on government and state institutions, and sometimes on critical infrastructure, including oil pipelines and hospitals.
City Manager Tamara Brock couldn’t confirm exactly how the attackers breached city systems. However, all signs point to a negligent city employee clicking on a malicious file in an email.
“What we basically have kind of narrowed it down to is it started as an email string, most likely, and came in when a file was clicked on,” Brock said.
The case is under investigation by the FBI.
Studies consistently show that employees are the most vulnerable link in a cyberattack. And according to a study commissioned by Bitdefender in 2019, companies placing more emphasis on cyber-training their employees are proportionally better at detecting and stopping an unfolding attack.
Fittingly, Cartersville now regularly sends employees intentional phishing emails as a training exercise, to teach them how to recognize such messages. The City has also migrated to a new email filtering provider, added monitoring software, and implemented a new protocol to help personnel “weed out malicious emails from their inboxes,” according to the report.